CVE-2024-42388 Vulnerability Details


CVE-2024-42388 Metadata Quick Info

CVE Published: 18/11/2024 | CVE Updated: 18/11/2024 | CVE Year: 2024
Source: Nozomi | Vendor: Cesanta | Product: Mongoose Web Server
Status: PUBLISHED

CVE-2024-42388 Description

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.

Metrics

CVSS Version: 3.1 | Base Score: 5.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability Metrics:
    Attack Vector (AV): NETWORK
    Attack Complexity (AC): LOW
    Privileges Required (PR): NONE
    User Interaction (UI): NONE
    Scope (S): UNCHANGED

Impact Metrics:
    Confidentiality Impact (C): LOW
    Integrity Impact (I): NONE
    Availability Impact (A): NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-823
CWE Name: CWE-823 Use of Out-of-range Pointer Offset
Source: Cesanta

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).